MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cbb48c501cb9c86f76b57220a54686f7e77476e4261bf26928e437b7b101d34. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 1cbb48c501cb9c86f76b57220a54686f7e77476e4261bf26928e437b7b101d34
SHA3-384 hash: caa1a7705def209ebb1177c8c8bc8a41489b74a4fc5b9da3e397cefbdfca25ca16a0108754896e9ed3cd21403bbfc5d2
SHA1 hash: 6290a5701f332d9eecf04995360c7d09b0ceb9de
MD5 hash: 67be5f1a04f458f436c861eb576fc2d7
humanhash: wyoming-pizza-nevada-iowa
File name: PO 010.Z
Signature: GuLoader
File size: 26'361 bytes
First seen: 2020-05-21 08:36:32 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 768:rn+EiHPLTXSFaT9XIyCSdNMtlohs14EPOSBDun:rZSLvpA4OtmJEw
TLSH: 43C2E25384F24ADDBD7D004D59B3BFE83EF26AD1B4E7E0C8255A08978B3540CF69A849
Reporter: abuse_ch
Tags: GuLoader z


abuse_ch
Malspam distributing GuLoader:

HELO: apexlimo.com
Sending IP: 37.49.230.204
From: "sales department" <bsilver@apexlimo.com>
Subject: New PO/ Invoice #-010-240
Attachment: PO 010.Z (contains "PO #010.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1laX8hHdYnsaH0xAEpi7Lx02iM6jArVPvb$4E

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-21 00:23:20 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  z 1cbb48c501cb9c86f76b57220a54686f7e77476e4261bf26928e437b7b101d34 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments